Commit Graph

1281 Commits

Author SHA1 Message Date
Sean Parkinson ba8e441e53 Allow TLS 1.2 to be compiled out. 2018-05-25 11:00:00 +10:00
toddouska 453daee965 Merge pull request #1523 from SparkiDev/ed25519_key
Allow Ed25519 private-only keys to work in TLS
2018-05-24 09:56:17 -07:00
toddouska 87f9d0f141 Merge pull request #1566 from ejohnstown/tcp-timeout
Fix TCP with Timeout
2018-05-24 09:07:50 -07:00
Sean Parkinson 450741f8ef Change checks for message chaching to happen once
Add compile option to remove Ed25119 client auth in TLS 1.2.
Cipher suite choice does not affect client auth.
2018-05-24 08:43:28 +10:00
Sean Parkinson 982119b495 Only cache messages when required. 2018-05-24 08:43:28 +10:00
Sean Parkinson 9358edf5dd Fixes from code review
Include new private key files in release.
Set messages field to NULL after free.
2018-05-24 08:43:28 +10:00
Sean Parkinson 58f523beba Allow Ed25519 private-only keys to work in TLS
Change Ed25519 in TLS 1.2 to keep a copy of all the messages for
certificate verification - interop with OpenSSL.
2018-05-24 08:43:28 +10:00
John Safranek b1ed852f36 Fix TCP with Timeout
wolfSSL remains agnostic to network socket behavior be it blocking or non-blocking. The non-blocking flag was meant for the default EmbedRecvFrom() callback for use with UDP to assist the timing of the handshake.

1. Deprecate wolfSSL_set_using_nonblock() and wolfSSL_get_using_nonblock() for use with TLS sockets. They become don't-cares when used with TLS sessions.
2. Added functions wolfSSL_dtls_set_using_nonblock() and wolfSSL_dtls_get_using_nonblock().
3. Removed a test case from EmbedReceive() that only applied to UDP.
4. Removed the checks for non-blocking sockets from EmbedReceive().
5. Socket timeouts only apply to DTLS sessions.
2018-05-23 11:29:16 -07:00
Jacob Barthelmeh 89fbb1b40d only compile SEQ increment function in case of DTLS or HAVE_AEAD 2018-05-23 12:07:35 -06:00
toddouska 2021bcb188 Merge pull request #1560 from dgarske/ciphernamecleanup
Refactor of the cipher suite names to use single array
2018-05-21 14:24:53 -06:00
David Garske 8163225180 Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes. 2018-05-16 15:29:27 -07:00
David Garske f021375c4b Fixes for fsanitize reports. 2018-05-15 17:23:35 -07:00
Chris Conlon c910d84507 Merge pull request #1527 from kojo1/RenesasCSPlus
Renesas CS+ projects
2018-05-09 10:07:16 -06:00
David Garske d43aa37041 Fix for handling match on domain name that may have a null terminator inside. The check should match on len from ASN.1 reguardless of a null character. 2018-05-03 09:33:05 -07:00
Takashi Kojo 2cc2f224f8 XTIME in LowResTimer 2018-04-28 05:03:51 +09:00
David Garske ef7b40dcab Refactor of the TLSX code to support returning error codes.
* The `SANITY_MSG_E` responses in `TLSX_SupportedVersions_GetSize`, `TLSX_SupportedVersions_Write`, `TLSX_Cookie_GetSize` and `TLSX_Cookie_Write` would incorrectly be handled.
* Added build-time checks in `tls13.c` for dependencies on `HAVE_HKDF` and `WC_RSA_PSS`.
2018-04-26 11:30:57 -07:00
toddouska 5c61810d4d Merge pull request #1497 from SparkiDev/tls13_draft28
Tls13 draft28
2018-04-25 10:17:37 -07:00
Eric Blankenhorn 568d24c63c Coverity fixes (#1509)
* Coverity fixes 3
2018-04-23 09:20:28 -07:00
thivyaashok 7d425a5ce6 Added support for an anonymous cipher suite (#1267)
* Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384
* Added test cases for verification of anonymous cipher suite
2018-04-20 10:35:37 -07:00
Sean Parkinson 94157634e1 TLS 1.3 fixes/improvements
Support Draft 28: able to compile code to return BAD_BINDER if no PSKs
match and certificates not to be used.
Change key share implementation to use server preference - server now
checks each client key share's group is in supported_groups extension.
Client and server examples modified to support server preference.
Application can set client's and server's supported groups by rank.
Server's supported groups is sent back in encrypted_extensions if
preferred group is not in client's list - able to be turned off at
compile time.
Application can query server's preferred group from client.
Able to compile using 0x0304 as version instead of draft version.
Fix state machine in TLS 1.3 to support unexpected hello_retry_request.
Also fixes non-blocking.
Fix resumption to use the named group from session.
Fix named group in session structure to be a 2-byte field.
Better detection of errors in message flow.
Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things.
Not downgrading on client fixed.
Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite.
Get downgrading from TLS 1.3 and resumption working.
Change earlyData value to an enum.
Support no extensions data (as opposed to zero length extension data) in
TLS 1.3 ClientHello.
Check PSK cipher suite is available to both client and server before
using.
Check first PSK identity chosen when server says it is using early data
at client.
Check PSK extension is last in client_hello on server.
Check the PSK cipher suite to use is supported on client.
Check the returned cipher suite for pre-shared keys is the same as
client expects.
Send alert decrypt_error when verification fails in certificate_verify
or finished message doesn't match calculated value.
Fail when certificate messages recieved in handshake when using PSK.
Validate on the server that EndOfEarlyData message has been recieved
before finished message when server sent EarlyData extension.
2018-04-20 09:44:02 +10:00
Sean Parkinson 0b47811c46 Changes for interop and performance
Changes made to test.h to allow interop of PSK with OpenSSL.
Changes to allow server to pre-generate key share and perform other
operations at later time.
Fix ChaCha20 code header to have bigger state to support assembly code
for AVX1.
Fix Curve25519 code to use define instead.
Change Curve25519 to memset all object data on init.
Change Poly1305 to put both sizes into one buffer to avoid a second call
to wc_Poly1305Update().
Added WOLFSSL_START and WOLFSSL_END API and calls to show time of
protocol message function enter and leave to analyse performance
differences.
Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-13 12:01:20 +10:00
David Garske ce6728951f Added a new --enable-opensslall option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build. 2018-04-11 13:54:07 -07:00
David Garske 98c186017a Fixes for build failures. Added new WC_MAX_SYM_KEY_SIZE macro for helping determine max key size. Added enum for unique cipher types. Added CHACHA_MAX_KEY_SZ for ChaCha. 2018-04-09 13:28:15 -07:00
David Garske f9e830bce7 First pass at changes to move PemToDer into asn.c. 2018-04-09 13:28:14 -07:00
David Garske 2a460d3d05 Merge pull request #1484 from embhorn/coverity
Coverity fixes
2018-04-06 18:18:38 -07:00
Eric Blankenhorn 86767e727c Fixes for CID 185033 185028 185142 185064 185068 185079 185147 2018-04-06 13:15:16 -05:00
Eric Blankenhorn 5439402c1d Refactor for max record size (#1475)
* Added new internal function `wolfSSL_GetMaxRecordSize`.
* Modified tls_bench to use dynamic buffer based on max record size.
* Added comment for DTLS maxFragment calculation.
2018-04-05 09:11:58 -07:00
toddouska a92696edec Merge pull request #1454 from dgarske/noprivkey
Support for not loading a private key when using `HAVE_PK_CALLBACKS`
2018-03-22 12:47:22 -07:00
David Garske 4b51431546 Fix for possible unused ctx in wolfSSL_CTX_IsPrivatePkSet when no ECC, RSA or ED25519. 2018-03-21 15:46:08 -07:00
toddouska 104f7a0170 Merge pull request #1451 from JacobBarthelmeh/Optimizations
Adjust X509 small build and add more macro guards
2018-03-21 15:15:27 -07:00
toddouska 2a356228be Merge pull request #1445 from SparkiDev/wpas_fix
Fixes for wpa_supplicant
2018-03-21 15:11:43 -07:00
David Garske dbb34126f6 * Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSS PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
Jacob Barthelmeh 26bb86690a fix for unused parameter warning 2018-03-21 10:06:06 -06:00
Jacob Barthelmeh 0aa3b5fa0e macros for conditionally compiling code 2018-03-21 00:09:29 -06:00
Jacob Barthelmeh 087df8f1cd more macro guards to reduce size 2018-03-20 17:15:16 -06:00
Sean Parkinson c9c2e1a8a7 Don't base signature algorithm support on certificate
The signature algorithm support is what you can do with another key, not
what you can do with your key.
2018-03-21 08:33:54 +10:00
toddouska 38d1eea8cd Merge pull request #1446 from SparkiDev/tls13_draft27
TLS v1.3 support for Draft 23 and Draft 27
2018-03-20 09:13:03 -07:00
toddouska 18879ce271 Merge pull request #1440 from dgarske/VerifyRsaSign_PKCallback
Added VerifyRsaSign PK callback
2018-03-20 09:02:18 -07:00
David Garske 2cc1a1c5bf Renamed callbacks for VerifySign to SignCheck. Switched the new callback context to use the one for the sign. Fix for callback pointer check on VerifyRsaSign. Added inline comments about the new RsaSignCheckCb and RsaPssSignCheckCb. 2018-03-19 10:19:24 -07:00
Sean Parkinson bd53d7ba59 TLS v1.3 support for Draft 23 and Draft 27
Draft 24: Second ClientHello usees version 0x0303 - no change.
Draft 25: The record layer header is now additional authentication data to
encryption.
Draft 26: Disallow SupportedVersion being used in ServerHello for
negotiating below TLS v1.3.
Draft 27: Older versions can be negotiated (by exclusion of 0x0304) in
SupportedVersion - no change.
2018-03-19 16:15:02 +10:00
Sean Parkinson b325e0ff91 Fixes for wpa_supplicant 2018-03-19 11:46:38 +10:00
David Garske fa73f7bc55 Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size. 2018-03-16 12:05:07 -07:00
David Garske e858ec11ac Fix unused arg when building with pk callbacks disabled. 2018-03-16 09:37:07 -07:00
David Garske ed7774e94a Added new callbacks for the VerifyRsaSign, which uses a private key to verify a created signature. The new callbacks API's are wolfSSL_CTX_SetRsaVerifySignCb and wolfSSL_CTX_SetRsaPssVerifySignCb. These use the same callback prototype as the CallbackRsaVerify and use the same context. 2018-03-15 14:43:41 -07:00
David Garske d8fe341998 First pass at added PK_CALLBACK support for VerifyRsaSign. 2018-03-14 09:54:18 -07:00
Jacob Barthelmeh 612a80609a warning about extra set of parentheses 2018-03-07 10:35:31 -07:00
Jacob Barthelmeh a9c6385fd1 trim out more strings and fix DN tag 2018-03-07 10:35:31 -07:00
Sean Parkinson 89182f5ca9 Add assembly code for ARM and 64-bit ARM
Split out different implementations into separate file.
Turn on SP asm by configuring with: --enable-sp-asm
Changed small ASM code for ECC on x86_64 to be smaller and slower.
2018-03-07 11:57:09 +10:00
John Safranek da76ee0877 allow import of DTLS sessions with null cipher as the null cipher is allowed with dtls when enabled 2018-03-02 09:57:07 -08:00
Jacob Barthelmeh 9391c608cc remove error string function when no error strings is defined 2018-02-23 17:31:20 -07:00